Kaspersky: More Adoption Could Make Linux Attractive Target

There's an Evil Virus That's Threatening Mankind...

If you looked at Windows, then looked at Linux and drew a comparison list between the two, one of the things you might notice is that one of these operating systems doesn't have antivirus protection.

And to many Linux users, that's pretty much the whole point.

With estimates of over 100,000 Windows viruses running around out in the wild and virtually none on Linux (some estimates put the number around 500, and none of those in the wild), it is little wonder that while Windows users may enjoy Clippy, Linux users are opening their e-mails and downloading files with relative impunity.

But that is about to change, according to Stephen Orenberg, President of Kaspersky Lab. Kaspersky, newly relocated from Russia to Woburn, MA, is a well-known international cybersecurity firm that decided to drop in where one would least expect them: on the show floor at last month's LinuxWorld Expo.

While it is not unexpected that a company like Kaspersky would take the stance that Linux users should not feel so immune to incoming viruses and the like, Orenberg takes a fairly measured approach to what he feels is an oncoming problem for Linux.

Orenberg is quick to point out that as a company, they have more business on the Windows side than on the Linux side of the equation. But, he added, "what we're starting to see is a shift. Not necessarily in more Linux business, but a definite increase in percentage of Linux versus Windows."

The reason for this shift is not really motivated by technology, but by a far older motive.

Kaspersky's ongoing mission has seen the evolution of what Orenberg calls malware (an overarching term describing viruses, Trojans, worms, spyware, and assorted nasty code) from something done for fun to something done as a business.

"Anybody writing malicious code wants to do it where there's enough devices out there to infect," Orenberg explained. So, when virus writers sprang up in the 1990s, their primary targets were going to be the most prolific machines around: PCs running Windows. Also, these early viruses would all typically have some sort of payload. Once the virus infected a machine, the payload would create a specific result.

"Up until recently, the aim of these attacks was more for the notoriety," Orenberg said. "A virus writer was generally a kid who wanted to see if he could infect millions of machines."

But as nations grew more aggressive in hunting down these renegade virus writers and the virus writers and their tools became even more technologically sophisticated, an evolution started to occur. To protect themselves, virus writers began to band together and create malware in organized groups, and their goal is no longer notoriety: it's financial profit.

The shift has taken malware away from payload-delivering viruses to phishing, password hacking, and distributed denial-of-service-based extortion schemes. This new targeted focus means there will be fewer global malware epidemics, but more and more locally targeted custom viruses designed to attack different types of machines and even individual ones.

This has brought a new sort of workload to Kaspersky, Orenberg explained. Where once virus definitions were updated once per week, then once per day, now Kaspersky's customers see updates once per hour.

Where Linux becomes more vulnerable is that the new for-profit stance of malware writers means that any system with valuable data within becomes a target. Windows machines were better targets of opportunity due to their sheer numbers. As Linux becomes more commercially adopted and the keeper of data, it will become the new target as time goes on.

Orenberg also emphasized that while a 100 percent Linux environment is orders of magnitude less likely to be hit by a virus, many Linux deployments are within heterogeneous, not homogeneous, environments. Windows clients and servers on the network bring a vast array of potential infection points, and having an antivirus engine on a Linux server will protect the health of the overall network, even if the Linux machine itself is not vulnerable.

The technology introduced by Kaspersky for the Linux platform is new, but only to the US market. With the introduction of Anti-Virus 5.5, Linux users in the US will have the same virus protection their European counterparts have enjoyed since 1999. Kaspersky introduced anti-virus tools for Linux far earlier in Europe, Orenberg said, simply because of the far higher Linux adoption rate that exists on that side of the Atlantic.

In the new product line, users can choose between two types of antivirus databases--standard and extended. These protect against all forms of attack, including viruses, spyware, worms, Trojans and other malware, along with the remote administration tools that can be used by hackers and other potentially hostile programs.

Other innovations include iChecker technology, first introduced by Kaspersky Lab for Windows products, and now available for Linux (as well as FreeBSD and OpenBSD). iChecker implements check-summing to support antivirus scanning of modified files only, which significantly decreases system load. Moreover, the option to scan the file system in background mode decreases system load even further.
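The modified-files-only idea described above, sketched as an added example; it is not Kaspersky's code and does not describe how iChecker works internally. All function names are hypothetical, and keying the cache on a signature-database version is an assumption of this sketch, made so that a file judged clean under old definitions is rescanned after an update.

```python
import hashlib
import os
import tempfile

def file_digest(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def files_to_scan(root, cache, db_version):
    """Return (path, digest) pairs that still need a full scan."""
    # Skip a file only if its digest AND the database version both match
    # what was recorded at its last clean scan (assumption of this sketch).
    pending = []
    for dirpath, dirs, names in os.walk(root):
        dirs.sort()
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            digest = file_digest(path)
            if cache.get(path) != {"sha256": digest, "db": db_version}:
                pending.append((path, digest))
    return pending

def record_clean(cache, path, digest, db_version):
    """Remember that this exact content was scanned clean under db_version."""
    cache[path] = {"sha256": digest, "db": db_version}

def demo():
    """Constructed sample: two files in a temp dir, one edit, one DB update."""
    cache = {}
    with tempfile.TemporaryDirectory() as root:
        path_a, path_b = os.path.join(root, "a.txt"), os.path.join(root, "b.txt")
        for path, data in ((path_a, b"alpha"), (path_b, b"beta")):
            with open(path, "wb") as f:
                f.write(data)
        first = files_to_scan(root, cache, db_version=1)
        for path, digest in first:          # stand-in for a scan that found nothing
            record_clean(cache, path, digest, db_version=1)
        unchanged = files_to_scan(root, cache, db_version=1)
        with open(path_b, "wb") as f:       # content change invalidates b.txt only
            f.write(b"beta-modified")
        modified = [os.path.basename(p) for p, _ in files_to_scan(root, cache, 1)]
        after_update = files_to_scan(root, cache, db_version=2)
    return len(first), len(unchanged), modified, len(after_update)

if __name__ == "__main__":
    print(demo())
```

The cache is security-sensitive state: anything that can write to it can mark a file as already scanned, so it belongs where only the scanner's own account can modify it.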

Kaspersky faces a unique challenge, selling anti-virus software to a userbase that is mostly convinced that such protection is not needed. But they remain optimistic. "The Linux security market is wide open," Orenberg said. "No one else is in there right now."

Faced with growing integration with Windows machines, Linux users might do well to start implementing some sort of anti-virus solution in the months to come.